Malware

Malware (malicious software) is any software intentionally designed to cause harm to a computer, server, network, or user. It is an umbrella term covering a wide range of hostile programs that can steal data, damage systems, or provide unauthorised access.

Types of malware:

• Virus: Self-replicating code that attaches to legitimate programs
• Worm: Self-propagating malware that spreads across networks without user interaction
• Trojan: Disguised as legitimate software to trick users into installation
• Ransomware: Encrypts data and demands payment for decryption
• Spyware: Secretly monitors user activity and collects information
• Adware: Displays unwanted advertisements, often bundled with free software
• Rootkit: Hides deep within the operating system to maintain persistent access
• Fileless malware: Operates in memory without writing files to disk
• Botnet malware: Turns infected devices into remotely controlled bots

Common infection vectors:

• Phishing emails with malicious attachments or links
• Drive-by downloads from compromised websites
• Infected USB drives or removable media
• Pirated software and cracked applications
• Exploitation of unpatched software vulnerabilities
• Malicious advertisements (malvertising)
• Supply chain compromise of legitimate software updates

Malware defence layers:

• Email security filtering (block malicious attachments and links)
• Endpoint detection and response (EDR)
• DNS filtering (block malicious domains)
• Regular patching and software updates
• User security awareness training
• Application control (whitelist approved software)
• Network segmentation to limit spread